Privacy Policy
Last updated: June 12, 2025
Table of Contents
- 1. Who We Are
- 2. Scope of This Policy
- 3. Information We Collect
- 4. How We Use Your Information
- 5. Legal Bases for Processing (Where Applicable)
- 6. Disclosure to Third Parties
- 7. Cookies & Similar Technologies
- 8. Data Retention
- 9. Data Security
- 10. International Transfers
- 11. Your Privacy Choices & Rights
- 12. Children’s Privacy
- 13. California "Shine the Light" Notice
- 14. Changes to This Policy
- 15. Contact Us
1. Who We Are
Dataflakes LLC ("Dataflakes," "we," "our," or "us") provides web-based practice tests and related study materials for data-engineering certification exams.
Business address: 30 N Gould St, Ste N, Sheridan, WY 82801, USA.
Contact: privacy@dataflakes.io.
2. Scope of This Policy
This Privacy Policy explains how we collect, use, disclose, and protect personal information when you:
- visit or interact with our websites, dashboards, or other online properties (collectively, the "Service");
- create an account or make a purchase; or
- otherwise engage with us.
This Policy does not cover websites, apps, or services that we do not own or control.
3. Information We Collect
| Category | Examples | Purpose |
|---|---|---|
| Account Data | Name, email address, Google profile ID, hashed password (if applicable) | Create and maintain your account |
| Transaction Data | Billing amount, payment status, Stripe transaction ID. We do not store your credit card data; payment processing is handled by Stripe. | Process one-time payments, detect fraud |
| Usage Data | Test sessions, scores, answer choices submitted, exam attempt history, time‑on‑question, feature interactions, IP address, browser type | Deliver core functionality, provide analytics & performance feedback |
| Device & Log Data | IP address, device identifiers, date/time stamps, error logs | Security, troubleshooting |
| Support Correspondence | Emails or support tickets you voluntarily submit | Respond to inquiries, improve service |
We do not intentionally collect "special category" data (e.g., health, race, biometric, or political opinions).
4. How We Use Your Information
| Purpose | Legal/Business Justification |
|---|---|
| Provide, operate, and improve the Service | Contract performance; legitimate interests |
| Authenticate users via Google SSO | Contract performance |
| Process payments and issue receipts | Contract performance |
| Generate aggregated, de‑identified analytics | Legitimate interests |
| Analyze usage patterns to improve question quality, exam relevance, and overall user experience. | Legitimate interests |
| Detect, prevent, or address fraud, security, or technical issues | Legal obligations; legitimate interests |
| Enforce our Terms of Service | Contract performance |
| Send essential service notices (password reset, transactional emails) | Contract performance |
| Comply with legal requests or obligations | Legal obligations |
We do not sell or rent your personal information for advertising purposes.
5. Legal Bases for Processing (Where Applicable)
If you are a resident of the European Union (EU) / European Economic Area (EEA), or if EU data‑protection laws otherwise apply to your use of the Service, our legal bases for processing your personal information are as follows:
- Contract – processing necessary to deliver the Service.
- Legitimate Interests – improving and securing the Service; minimal impact on your privacy.
- Legal Obligation – compliance with U.S. or other applicable law.
- Consent – where required (e.g., optional cookies); you may withdraw at any time.
6. Disclosure to Third Parties
| Recipient | Data Shared | Reason |
|---|---|---|
| Stripe, Inc. | Necessary payment details | Payment processing & anti‑fraud |
| Google LLC (OAuth) | Auth tokens, email, name | Single‑sign‑on authentication |
| Cloud hosting & infrastructure providers | Data covered by this policy | Service hosting, storage, backup |
| Legal or Government Authorities | Account & usage data | When legally compelled or to protect rights |
| Successors or Acquirers | Limited to transaction‑necessary data | Business merger, acquisition, or asset sale (users will be notified) |
We require all third‑party processors to protect personal information to standards comparable to ours.
7. Cookies & Similar Technologies
We use essential cookies for:
- Session management
- Security (e.g., CSRF tokens)
Optional analytics cookies (e.g., first‑party performance metrics) are deployed only with opt‑in consent where required. Browser "Do Not Track" signals are honored for analytics cookies. You can typically manage your cookie preferences through your browser settings. For optional analytics cookies, we will provide a mechanism for you to provide or withdraw consent where applicable.
8. Data Retention
| Data Type | Retention Rule |
|---|---|
| Active account data | Retained for account lifetime |
| Deleted or terminated accounts | Erased within 30 days of confirmed deletion |
| Transaction records | Retained for 7 years to satisfy U.S. tax & accounting laws |
| Server logs & backups | Rolled off or anonymized within 90 days |
9. Data Security
- Encryption in transit (TLS 1.2+) and at rest for stored data
- Role‑based access controls; least‑privilege principle
- Continuous security monitoring & routine vulnerability assessments
- Incident‑response plan in place; affected users will be notified as required by law
No system is 100% secure, but we take commercially reasonable measures to safeguard your data.
10. International Transfers
Your data is stored and processed on servers located in the United States. By using the Service, you understand that your information may be transferred to, and maintained on, servers outside your country of residence and that U.S. laws may differ from those in your jurisdiction.
11. Your Privacy Choices & Rights
Depending on local law, you may have rights to:
- Access a copy of the personal data we hold about you
- Correct inaccurate or incomplete data
- Delete your account and associated data. Deletion of your account will result in the erasure of your personal data, including your exam history and scores, subject to our data‑retention policy for legal and accounting purposes (see Section 8).
- Object to or restrict certain processing
- Receive your data in a portable format
To exercise any right, email privacy@dataflakes.io. We will respond within 30 days. Verification of identity may be required.
12. Children’s Privacy
The Service is intended only for individuals 18 years or older. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected such data, contact us for deletion.
13. California "Shine the Light" Notice
California residents may request a list of third parties to whom personal information was disclosed for direct‑marketing purposes during the preceding calendar year. We disclose no personal information for direct marketing. Requests may be sent to the address in Section 15.
14. Changes to This Policy
We may update this Privacy Policy at any time. Changes take effect immediately upon posting an in‑app banner or comparable notice. Continued use of the Service after the notice date constitutes acceptance of the revised Policy.
15. Contact Us
Questions or concerns?
Email: privacy@dataflakes.io
Postal: Dataflakes LLC, 30 N Gould St, Ste N, Sheridan, WY 82801, USA
By using the Service, you acknowledge that you have read, understood, and agreed to this Privacy Policy.
© 2025 Dataflakes LLC. All rights reserved.